package com.gitee.mocoffee.actuator.spring;

import org.springframework.boot.actuate.autoconfigure.security.servlet.EndpointRequest;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @author lijia
 */
@Configuration
public class ActuatorSecurityConfig extends WebSecurityConfigurerAdapter {
    public static final String SHUTDOWN_URI = "/actuator/shutdown";
    public static final String DUMP_URI     = "/actuator/heapdump";
    public static final String ROLE         = "ACTUATOR";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.requestMatcher(EndpointRequest.toAnyEndpoint())
            .authorizeRequests()
            .antMatchers(SHUTDOWN_URI, DUMP_URI)
            .hasRole(ROLE)
            .and()
            .httpBasic();
    }
}
